Article (1) : Hacked Utah health data guarded by weak password (from Bloomberg Businessweek)
Summary by: Angelina Fernandez
Sensitive data that was compromised in a massive health records breach had been lingering on state computer for months. There are about 780,000 people had some sort of personal information exposed by the attack on a state server. Victims included but not limited to people in Medicaid and a health insurance program for children in low-income families. According to the article, the major reason for the breach is, the health care providers often submit personal information to the state to check whether a patient is a possible Medicaid recipient. In addition, the date also was behind a weak password. The attackers used an IP address which is used to identify and locate a computer online, that came from an eastern European country. While the IP address is a good place to start the investigation, it's possible the hackers hijacked a computer server that was nowhere near their physical location. So far, no one can put any limit on what a hacker could do with victims’ Social Security numbers.
The breach which is described in this article is the type of “Stealing sensitive date about customers”. However, it could go further as “Identity Theft” if there’s no actions been taken. Actually, there are many ways for preventing this breach to be happened. First of all, there’s already the standard procedure that all the data need to be erased within a day of being submitted. Unfortunately, this procedure was violated and it didn’t catch the people’s attention until the breach was found. In the near future, the standard procedure should be abided strictly and any violation should result in sanctions. Secondly, strong passwords are required. For example, regular changes of passwords, using strong passwords with a mix of cases, symbols and digits, a full internet security package and not using unsecured public connections to carry out transactions: these are the minimum standards that consumers must adhere to, in order to minimize the potential of becoming a victim of financial crime. Last but not least, in this case, for preventing identity theft, people should take actions, for example, cooperate with state officials for free credit monitoring and check own bank account frequently and report any suspect transactions. Though these methods may not guarantee the complete safety for free of stealing sensitive data, it may help defense, at least, minimize the risk of the breaches.
Article (1) : Hacked Utah health data guarded by weak password (from Bloomberg Businessweek)
Summary by: Angelina Fernandez
Sensitive data that was compromised in a massive health records breach had been lingering on state computer for months. There are about 780,000 people had some sort of personal information exposed by the attack on a state server. Victims included but not limited to people in Medicaid and a health insurance program for children in low-income families. According to the article, the major reason for the breach is, the health care providers often submit personal information to the state to check whether a patient is a possible Medicaid recipient. In addition, the date also was behind a weak password. The attackers used an IP address which is used to identify and locate a computer online, that came from an eastern European country. While the IP address is a good place to start the investigation, it's possible the hackers hijacked a computer server that was nowhere near their physical location. So far, no one can put any limit on what a hacker could do with victims’ Social Security numbers.
The breach which is described in this article is the type of “Stealing sensitive date about customers”. However, it could go further as “Identity Theft” if there’s no actions been taken. Actually, there are many ways for preventing this breach to be happened. First of all, there’s already the standard procedure that all the data need to be erased within a day of being submitted. Unfortunately, this procedure was violated and it didn’t catch the people’s attention until the breach was found. In the near future, the standard procedure should be abided strictly and any violation should result in sanctions. Secondly, strong passwords are required. For example, regular changes of passwords, using strong passwords with a mix of cases, symbols and digits, a full internet security package and not using unsecured public connections to carry out transactions: these are the minimum standards that consumers must adhere to, in order to minimize the potential of becoming a victim of financial crime. Last but not least, in this case, for preventing identity theft, people should take actions, for example, cooperate with state officials for free credit monitoring and check own bank account frequently and report any suspect transactions. Though these methods may not guarantee the complete safety for free of stealing sensitive data, it may help defense, at least, minimize the risk of the breaches.
35/40